AT&T AlienVault USM Review

It's based on an open source product and therefore fully customizable.


What is most valuable?

Flexibility. As the source of AlienVault is based on an Open Source product, it is possible to implement nearly everything including fully customized plugins, scripts, etc. We haven't yet found any limitations.

How has it helped my organization?

We are now able to track any kind of threat including external (malware) or internal (people trying to bypass restrictions, USB keys etc.).

We are able to track changes in the authentication integrity (new user created, domain admin elevation, etc.) and get mail or tickets in cases of suspicious behavior.

It helps us with our ISO27001 compliance.

What needs improvement?

The search capabilities are not optimal and are going to be optimized in the next versions. For example, it is possible to search both username and IPs but not usernames and specific fields (aka user data) at the same time.

Documentation needs to be improved, especially due to the fact that AlienVault gets improved often with new features.

Vulnerability scanning does not support Nessus (after version 5) which is a leader in the market. The default vulnerability scanner is OpenVAS, it does the job but the report are not the same quality as Nessus.

For how long have I used the solution?

3+ years

What do I think about the stability of the solution?

No stability issues were encountered.

What do I think about the scalability of the solution?

No scalability issues as the product is highly scalable. You have to take care of what you want to integrate and think of use-cases instead of global log collection. In our opinion this is the key of success as you will scale your infrastructure with what you really need.

How are customer service and technical support?

Customer Service:

Customer service can be a great help depending on the kind of project. They are very reactive for commercial offers.

Technical Support:

Technical support is good and reactive but you should also pass the training to have better knowledge of the solution.

Which solution did I use previously and why did I switch?

We chose this product because of:

  • Pricing model
  • Flexibility of the solution
  • Multi-tier architecture/scalability

How was the initial setup?

Yes, when you don’t have experience with the product you have to learn and understand all the “concepts”. In this case AlienVault generally provide “free” technical service with third party companies to be able to operate something quickly.

What about the implementation team?

We started with the free technical support provided for the test time. Then we quickly take the product in our hands, got certified on it and became independent.

What was our ROI?

The ROI is very good if you evaluate all the services which AlienVault can help you with: detection of Malware, bad activities, suspicious behavior, etc. All these threats can create high financial lose and a big part of them could be prevented using the SIEM.

What other advice do I have?

If you don’t want to overpay, and want to have something working, you have to make an assessment based on:

- what are your assets?
- what is the criticality of each one?
- what use cases do you want to implement?

From there create a plan on how to implement them to limit the number of collection to the minimum to avoid flooding of data/high costs due to over-sized infrastructure.

**Disclosure: I am a real user, and this review is based on my own experience and opinions.
More AT&T AlienVault USM reviews from users
...who work at a Financial Services Firm
...who compared it with McAfee ESM
Learn what your peers think about AT&T AlienVault USM. Get advice and tips from experienced pros sharing their opinions. Updated: September 2021.
535,544 professionals have used our research since 2012.
Add a Comment
ITCS user
Guest
1 Comment

author avatarTami Andrews (AlienVault)
Real User

Thank you David for providing your feedback & assessment of working with USM.